On 07/17/2013 02:19 PM, Dominick Grift wrote:
On Wed, 2013-07-17 at 14:08 -0800, Erinn Looney-Triggs wrote:
> Sorry to respond to myself but I forgot the vitals:
>
> RHEL 6.4 x64
> selinux-policy-3.7.19-195.el6_4.12.noarch
>
> -Erinn
So it's allowed to bind tcp socket to generic tcp port_t type ports if
the allow_ypbind boolean is set (sesearch with -ASCT would show you
that).

The allow_ypbind boolean is not recommended though, since it is very coarse.
Instead use semanage to label the port (tcp:8891) with one of the
available port types (seinfo -axport_type), then use audit2allow, after
reproducing the event, to allow bind tcp socket to ports with that type.

You can also create a new port type and use that:
cat > mytest.te <<EOF
policy_module(mytest, 1.0.0)
type myport_t;
corenet_port(myport_t)
optional_policy(\`
gen_require(\`
type dkim_milter_t;
')
allow dkim_milter_t myport_t:tcp_socket name_bind;
')
EOF
make -f /usr/share/selinux/devel/Makefile mytest.pp
sudo semodule -i mytest.pp
Dominick,

Thanks a lot, I figured there was some gap there that needed bridging in
my knowledge, and you kindly pointed me in the right direction.

-Erinn
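
An added example, not part of the thread and not written by either poster: a shell helper that reads AVC denials and prints the semanage command labeling each still-unlabeled (port_t) port a domain was denied name_bind on, which is the labeling step described in the reply above. The audit records are constructed samples, suggest_port_labels is a hypothetical name, and myport_t is assumed to come from the mytest module quoted above.

```shell
#!/bin/sh
# Added example, not from the thread. The AVC records below are constructed.
SAMPLE_AVCS='type=AVC msg=audit(1374098940.123:456): avc:  denied  { name_bind } for  pid=1234 comm="opendkim" src=8891 scontext=unconfined_u:system_r:dkim_milter_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1374098999.456:460): avc:  denied  { name_bind } for  pid=1301 comm="opendkim" src=8891 scontext=unconfined_u:system_r:dkim_milter_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1374099010.789:461): avc:  denied  { name_bind } for  pid=1302 comm="opendkim" src=80 scontext=unconfined_u:system_r:dkim_milter_t:s0 tcontext=system_u:object_r:http_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1374099020.012:462): avc:  denied  { name_bind } for  pid=1400 comm="httpd" src=8892 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket'

# suggest_port_labels DOMAIN PORT_TYPE < audit.log   (hypothetical helper)
# Prints one "semanage port -a" command per unlabeled (port_t) port that
# DOMAIN was denied name_bind on. Ports that already carry a specific type
# are skipped: changing those is a separate decision (semanage port -m).
suggest_port_labels() {
    # Both names end up in a generated command line, so restrict them.
    for name in "$1" "$2"; do
        case "$name" in
            ''|*[!a-z0-9_]*) echo "invalid type name: $name" >&2; return 1 ;;
        esac
    done
    awk -v domain="$1" -v ptype="$2" '
    /avc: +denied/ && /[{] name_bind [}]/ {
        port = ""; src = ""; tgt = ""; cls = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^src=/) port = substr($i, 5)
            else if ($i ~ /^scontext=/) { split(substr($i, 10), c, ":"); src = c[3] }
            else if ($i ~ /^tcontext=/) { split(substr($i, 10), c, ":"); tgt = c[3] }
            else if ($i ~ /^tclass=/) cls = substr($i, 8)
        }
        if (src != domain || tgt != "port_t") next   # other domain, or port already labeled
        if (port !~ /^[0-9]+$/) next                 # never echo a non-numeric port
        if (cls == "tcp_socket") proto = "tcp"
        else if (cls == "udp_socket") proto = "udp"
        else next
        if (seen[proto ":" port]++) next             # one command per port
        printf "semanage port -a -t %s -p %s %s\n", ptype, proto, port
    }'
}

# Demo on the constructed records; on a real host feed /var/log/audit/audit.log.
printf '%s\n' "$SAMPLE_AVCS" | suggest_port_labels dkim_milter_t myport_t
```

The output is meant to be reviewed before being run as root; restricting the match to port_t keeps the helper from proposing a label for a port that policy already assigns to another service.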